flat assembler
Message board for the users of flat assembler.
Windows > kernel-mode driver for hooking SDT, _basic_ example
okasvi 09 Sep 2006, 21:19
Nothing new, just had laying on HD and RG was interested, haven't seen one in fasm tho...
Next step to do would be adding hooking of USEFUL APIs. Have fun...
_________________
When We Ride On Our Enemies support reverse smileys |:
vid 10 Sep 2006, 07:15
could you post direct link to that KMD-manager?
Mr_Silent 10 Sep 2006, 07:31
asmfan 28 Sep 2007, 18:58
I think I found a bug in the code:
Code:
mov dword [eax+DRIVER_OBJECT.MajorFunction+IRP_MJ_CREATE], DispatchCreateClose ;driverobject+038h
mov dword [eax+DRIVER_OBJECT.MajorFunction+IRP_MJ_CLOSE], DispatchCreateClose ;driverobject+040h
mov dword [eax+DRIVER_OBJECT.MajorFunction+IRP_MJ_DEVICE_CONTROL], DispatchCreateClose ;driverobject+070h

IRP_MJ_CREATE, IRP_MJ_CLOSE, IRP_MJ_DEVICE_CONTROL are just indexes in the array of procs, thus they should be multiplied by 4 to get addresses. The correct code should be imo like this:
Code:
mov dword [eax+DRIVER_OBJECT.MajorFunction+IRP_MJ_CREATE*4], DispatchCreateClose ;driverobject+038h
mov dword [eax+DRIVER_OBJECT.MajorFunction+IRP_MJ_CLOSE*4], DispatchCreateClose ;driverobject+040h
_________________
Any offers?
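What the unscaled stores discussed above do to the dispatch table, modelled in user-mode C as an added example that is not part of the original thread or the posted driver. It assumes the 32-bit layout (4-byte slots) implied by the `*4` fix; `HANDLER`, `DEFAULT` and all helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* IRP major function codes, as defined in the Windows DDK headers. */
#define IRP_MJ_CREATE           0x00
#define IRP_MJ_CLOSE            0x02
#define IRP_MJ_DEVICE_CONTROL   0x0e
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b
#define SLOTS   (IRP_MJ_MAXIMUM_FUNCTION + 1)
#define HANDLER 0x11223344u /* constructed stand-in for DispatchCreateClose */
#define DEFAULT 0xAAAAAAAAu /* constructed stand-in for the default dispatch routine */
/* Byte-level model of the 32-bit MajorFunction array (4-byte pointer slots). */
typedef struct { unsigned char bytes[SLOTS * 4]; } major_table;

/* Emulates `mov dword [table+off], value` as a little-endian x86 store. */
static void store_dword(major_table *t, unsigned off, uint32_t value) {
    for (int i = 0; i < 4; i++) t->bytes[off + i] = (unsigned char)(value >> (8 * i));
}

/* Reads the pointer stored in the slot for major function idx. */
static uint32_t load_slot(const major_table *t, unsigned idx) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)t->bytes[idx * 4 + i] << (8 * i);
    return v;
}

/* scale = 1 reproduces the unscaled stores, scale = 4 the corrected ones. */
static void install(major_table *t, unsigned scale) {
    for (unsigned i = 0; i < SLOTS; i++) store_dword(t, i * 4, DEFAULT);
    store_dword(t, IRP_MJ_CREATE * scale, HANDLER);
    store_dword(t, IRP_MJ_CLOSE * scale, HANDLER);
    store_dword(t, IRP_MJ_DEVICE_CONTROL * scale, HANDLER);
}

/* Counts slots left holding neither the default nor the handler address. */
static int corrupted_slots(const major_table *t) {
    int n = 0;
    for (unsigned i = 0; i < SLOTS; i++)
        n += load_slot(t, i) != DEFAULT && load_slot(t, i) != HANDLER;
    return n;
}

int main(void) {
    major_table t;
    for (unsigned scale = 1; scale <= 4; scale += 3) { /* as posted, then corrected */
        install(&t, scale);
        printf("x%u: CREATE=%08x corrupted=%d\n", scale, (unsigned)load_slot(&t, IRP_MJ_CREATE), corrupted_slots(&t));
    }
    return 0;
}
```

With scale 1 the store for IRP_MJ_CLOSE lands at byte offset 2 and overwrites the upper half of the IRP_MJ_CREATE pointer, so none of the three major functions ends up pointing at the handler and four slots hold halves of two different pointers.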